Reddit’s August 2018 security incident: What you need to know

Reddit, one of the world’s most popular websites, announced on August 1, 2018, that it experienced a security breach in which some user data was compromised. The breach mostly affects Redditors that have been on the site since 2007 or earlier, but even if you made your account at a later date, you should still keep reading as there’s a chance some info was still exposed. Between June 14 and June 18 of this year, Reddit says an attacker “compromised a few of our employees’ accounts with our cloud and source code hosting providers.” Although two-factor authentication was set in place, it was done so via SMS and the attacker in question was able to capture the codes using an SMS intercept attack. The attacker was unable to get write-permissions to Reddit but did manage to obtain read-access to certain site systems. While doing so, Reddit notes that the attacker obtained: A complete copy of an old database backup containing very early Reddit user data — from the site’s launch in 2005 through May 2007. With that database backup, usernames, salted + hashed passwords, email addresses, public content, and private messages were obtained (only if you had a Reddit account between 2005 and May 2007). Additionally, the attacker also acquired: Logs containing the email digests we sent between June 3 and June 17, 2018. The digests connect a username to the associated email address and contain suggested posts from select popular and safe-for-work subreddits you subscribe to. None of that’s… [Read full story]